Bug 847620 - [FEAT] NFSv3 Authorization rpcsec_gss + krb5 (cluster aware credential cache)
[FEAT] NFSv3 Authorization rpcsec_gss + krb5 (cluster aware credential cache)
Status: CLOSED DEFERRED
Product: GlusterFS
Classification: Community
Component: nfs (Show other bugs)
mainline
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: GlusterFS Bugs list
: FutureFeature
Depends On:
Blocks: 852953 854182 864864
  Show dependency treegraph
 
Reported: 2012-08-13 03:29 EDT by Krishna Srinivas
Modified: 2014-10-26 05:33 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 864864 (view as bug list)
Environment:
Last Closed: 2014-10-25 13:29:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Krishna Srinivas 2012-08-13 03:29:52 EDT
Support for rpcsec_gss + krb5 based authentication for NFSv3.
Comment 1 Anand Avati 2012-08-30 01:32:00 EDT
We should not target this specifically for NFSv3. Introducing this auth mode should be usable in RPC between protocol client/server - specifically for usage with gfapi.
Comment 3 Niels de Vos 2014-10-25 13:29:34 EDT
This will be supported when nfs-ganesha is used in combination with Gluster. There currently is no intention to add support for rpcsec_gss/krb5 to Gluster/NFS.
Comment 4 Alastair Neil 2014-10-25 16:30:00 EDT
sorry does this mean there is no intention to provide secure rpc to gluster sharing at all except through third party layers?
Comment 5 Niels de Vos 2014-10-26 05:33:38 EDT
(In reply to Alastair Neil from comment #4)
> sorry does this mean there is no intention to provide secure rpc to gluster
> sharing at all except through third party layers?

This bug/feature was for signed/encrypted support for NFSv3, for which we currently do not have a plan to add. nfs-ganesha is a very feature complete NFS-server and will get more attention to improve support for Gluster.

There is support for SSL encrypted communication between clients and servers (see bug 1114604 for more details). I think a feature request for krb5 signed/encrypted GlusterFS communication would make sense and could get accepted. There does not seem to be such a request yet (or at least I can not find it), so you may want to file a new bug for it against the rpc component:
- https://bugzilla.redhat.com/enter_bug.cgi?product=GlusterFS&component=rpc

Note You need to log in before you can comment on or make changes to this bug.